HHS Office for Civil Rights Director Melanie Fontes Rainer on Progress and News at OCR
ERISA Blog | Changes to the HIPAA Privacy Rules A Primer for Self-Insured Group Health Plans
Podcast - Data Privacy and Tracking Technology Compliance
Patient Data and Privacy
2022 DSIR Deeper Dive: OCR’s Right of Access Initiative
HIPAA Tips With Williams Mullen - Telehealth After the Pandemic
Relaxed HIPAA Restrictions For Providers Using Telehealth
Webinar: Investigating and Resolving Sexual Assaults on Campus
Eyeglass manufacturer and retailer Warby Parker recently settled a 2018 data breach investigation by the Office for Civil Rights (OCR) for $1.5 million. According to OCR’s press release, Warby Parker self-reported that...more
With 2025 barely three weeks old, the US Department of Health and Human Services Office for Civil Rights (OCR) has already announced six enforcement actions for the new year. Particularly significant is the advancement of...more
Recent enforcement actions, audit activity, proposed rulemakings, and guidance issued by the U.S. Department of Health and Human Services (“HHS”), Office for Civil Rights (“OCR”) highlight the agency’s focus on health data...more
Cyberattacks on healthcare organizations are on the rise, with the number of affected individuals nearly tripling between 2022 and 2024, according to data compiled by the Department of Health and Human Services Office for...more
As the healthcare sector continues to be a top target for cyber criminals, the Office for Civil Rights (OCR) issued proposed updates to the HIPAA Security Rule (scheduled to be published in the Federal Register January 6). It...more
Change Healthcare Inc. has amended its initial breach report to the HHS Office for Civil Rights (OCR) to state that 100 million individuals were impacted by its mammoth ransomware attack and breach. However, as of Oct. 24,...more
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
On July 19, Change Healthcare Ince. filed a breach report with HHS Office for Civil Rights (OCR) concerning its mammoth ransomware attack and breach. The organization’s breach report to OCR identifies just 500 individuals as...more
Cyber, Privacy, and Technology Report - Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed....more
On February 14, the US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its annual reports to Congress detailing its actions to enforce the privacy, security, and breach notification...more
In this two-part Triage series, Gina Bertolini, Sarah Carlins, and Jianne McDonald analyze two recent HHS initiatives that address cybersecurity risks to hospitals and health systems nationwide. Cybersecurity events involving...more
News Briefs - New HHS Task Force Aims to Oversee AI in Healthcare - Details are emerging on a new HHS task force faced with a monumental task: creating a regulatory structure to oversee utilization of artificial intelligence...more
It is no secret that protected health information (or “PHI”) is more and more at risk for cybersecurity attacks. In 2022 (the most recent year this statistic is available), the Department for Health and Human Services Office...more
With a couple of “firsts,” the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is signaling that it is cracking down on healthcare organizations that fail to identify and address cybersecurity...more
Just imagine: your loved one needs an emergency room, right away, but the ER is closed due to a cyberattack. This is not a scary dream, but, unfortunately, a reality of healthcare delivery, today. Just earlier this fall, a...more
The U.S. Department of Health and Human Services, Office for Civil Rights (OCR) recently announced its first settlement agreement related to a ransomware attack. But it was not the ransomware that triggered OCR’s enforcement...more
Report on Patient Privacy 23, no. 11 (November, 2023) The American Hospital Association (AHA) is urging federal lawmakers to intervene with the HHS Office for Civil Rights (OCR) so that hospitals and health systems can...more
A strong cybersecurity program can help defend against cyber attacks and protect sensitive patient data. Thanks to a 2021 amendment of the HITECH Act, when a breach occurs, it can also reduce enforcement penalties. The...more
General and specialty compliance training from the comfort of your home or office! HCCA’s Regional Healthcare Compliance Conferences provide practitioners with virtual compliance training that includes updates on the...more
Report on Patient Privacy 22, no. 6 (June, 2022) - A report from the HHS Health Sector Cybersecurity Coordination Center (HC3) found that in early 2022, ransomware groups increasingly turned to legitimate software during...more
Report on Patient Privacy 21, no. 12 (December, 2021) - Amid the letters of congratulations to new HHS Office for Civil Rights (OCR) Director Lisa Pino is a plea from the American Hospital Association (AHA): “victims” of...more
Echoing other agencies in recent weeks, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued an alert sharing resources to address and protect institutions against the recent influx of...more
On June 9, 2021, OCR distributed an update to those on its Privacy List sharing links to alerts and resources for addressing the growing number and size of ransomware incidents. One such resource included a White House memo...more
Report on Patient Privacy 18, no. 1 (January 2021) - The HHS Office for Civil Rights (OCR) settled its 13th enforcement action in its Right of Access Initiative, first announced in 2019 to support individuals’ rights to...more
Report on Patient Privacy 20, no. 11 (November 2020) - In her 14-plus years of investigating and blogging about hacking and breaches, “Dissent” has been yelled at, threatened with lawsuits and accused of being a criminal....more